Zscaler ThreatLabz documented two active campaigns that embed hidden instructions in web pages to manipulate AI agents, not human users, though those get caught too. The technique is called indirect prompt injection: malicious text is hidden in a website’s code where a human browser won’t see it, but an AI agent crawling the page for information will read it and potentially act on it.
The first ca...
